Let's say from a remote location I wanted to connect to the 2nd machine. In the VNC Client, I would put 123.123.123.123, but how would I specify which machine I want to connect to? All the external will do is point me to the proper gateway (123.123.123.123 --> 192.168.1.1). Now that the gateway has received a VNC client connect request, how does it know which machine to pass the request to?

I assume it has something to do with firewall configuration. In the firewall configuration, even if I had port 5900 open to allow VNC, wouldn't it be logical to make the rule say "inbound, any machine"?

In this example, we are getting inbound connections for 2 machines, but even then, having 2 firewall rules will still not tell the gateway which machine I am trying to VNC to. How do I target a particular machine from outside the local network?

Replies To: How does the router know which machine to point you to remotely?

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 12:33 AM

Ports.
When these VNC servers are set up, they have the option of letting you choose which port they advertise on (or to leave as default). Then on the router in front of those servers, there should be port forwarding, saying anything coming to the router destined for inside the network on SPECIFIED PORT NUMBER send to SPECIFIED IP ADDRESS.

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 04:32 AM

The magic term you're looking for is NAT. The short answer is, incoming requests to the gateway generally don't get to find the machines behind the router. Part of the point of NATing is to hide your private networks from the big bad world.

That said, the idea of using ports to route to separate boxes is quite good. A number of gateway routers support something called "port forwarding". On the router itself you may be able to set this up so that external requests for a given port get sent to a given address. You may have to specify protocols as well on the router.

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 08:58 AM

baavgai, on 24 February 2010 - 03:32 AM, said:

The magic term you're looking for is NAT. The short answer is, incoming requests to the gateway generally don't get to find the machines behind the router. Part of the point of NATing is to hide your private networks from the big bad world.

That said, the idea of using ports to route to separate boxes is quite good. A number of gateway routers support something called "port forwarding". On the router itself you may be able to set this up so that external requests for a given port get sent to a given address. You may have to specify protocols as well on the router.

Thanks Baavgai, but that was part of my initial question. VNC runs on a specific port, does it not? Once that specific port is used up by one machine, how can I possibly have another machine using that Protocol Port + 1, another machine using Protocol Port + 2, etc. (5901, 5902, 5903, etc...)

I very much understand the fact that we use NAT to make sure hosts outside the network can't see what's inside. The other side of your answer I'm still unclear about as well: "may be able to set this up so that external requests for a given port get sent to a given address".

Are you saying if I had a machine running on port 30000 and I wanted to target that machine, I could do "192.168.1.10:3000", and if I wanted to target the other machine, I do: "192.168.1.20:30001"?

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 09:17 AM

Via port forwarding, that's correct. The router will know to forward any incoming data on a certain port to a certain machine on the internal network. At a more basic level, routers utilize routing tables to remember which machines are attached to which physical ports. This is similar to NAT, which uses translation tables; however, not all routers do NAT.

You are also correct in thinking that you can't specify which client to connect to without changing the port. Port forwarding can only be set up to forward traffic to a single machine for a given port range. The port ranges must be disjoint between machines.

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 09:54 AM

I'm not tracker, I specified that in my beginning post. I'm just trying to REALLY understand how multiple machines running the same services can both be running concurrently without any connection issues from remote hosts.

I understand that I can use ports to get the router to know which machine I want a remote machine to be able to connect to, BUT... It's not like I get a free choice of which port it's running on.

If I have 3 machines running VNC on the designated VNC port (5900), how can I possibly have a remote host connect to machine #2 in my local network instead of machine #1 or #3?

EDIT --- Ohhh Okay, so I can have one running on 5901, another running on 5902, etc, and then in my router configuration create multiple rules, one for 5901 going to machine 1 IP address, another rule for 5902 going to machine 2 IP address... Gotcha! Is this correct?

Re: How does the router know which machine to point you to remotely?

Posted 24 February 2010 - 10:17 AM

Xioshin, on 24 February 2010 - 10:54 AM, said:

Is this correct?

You got it.

Ports are just numbers; they are fundamentally arbitrary. Certain ports are traditionally used by certain things, but that needn't constrain you. You choose the ports you want your services to run on. From a security perspective, it's sometimes even a good idea to move services off their expected port, if you want them available but less well known.
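
The forwarding behaviour worked out in this thread, modelled as an added example (not code from any poster or from a real router): a table that maps disjoint external port ranges to internal hosts, rejects overlapping rules, and drops inbound traffic that matches no rule. The class and function names are hypothetical, the addresses are constructed, and the third rule assumes a router that can rewrite the destination port as well as the address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str    # "tcp" or "udp"
    first: int    # first external port of the range
    last: int     # last external port of the range (inclusive)
    host: str     # internal address that receives the traffic
    to_port: int  # internal port that `first` maps to

class ForwardTable:
    def __init__(self):
        self.rules = []

    def add(self, rule):
        if not (0 < rule.first <= rule.last <= 65535):
            raise ValueError("bad external port range")
        if not (0 < rule.to_port and rule.to_port + rule.last - rule.first <= 65535):
            raise ValueError("bad internal port")
        for r in self.rules:
            # Ranges must be disjoint per protocol, or the target is ambiguous.
            if r.proto == rule.proto and rule.first <= r.last and r.first <= rule.last:
                raise ValueError(f"{rule.proto} {rule.first}-{rule.last} overlaps rule for {r.host}")
        self.rules.append(rule)

    def resolve(self, proto, port):
        """Return (internal_host, internal_port), or None when the packet is dropped."""
        for r in self.rules:
            if r.proto == proto and r.first <= port <= r.last:
                return r.host, r.to_port + (port - r.first)
        return None  # no rule: unsolicited inbound traffic never reaches the LAN

def build_example():
    # Constructed values: three VNC hosts behind one public address.
    table = ForwardTable()
    table.add(Forward("tcp", 5901, 5901, "192.168.1.10", 5901))
    table.add(Forward("tcp", 5902, 5902, "192.168.1.20", 5902))
    # Assumption: the router can rewrite the port, so machine 3 stays on 5900.
    table.add(Forward("tcp", 5903, 5903, "192.168.1.30", 5900))
    return table

if __name__ == "__main__":
    table = build_example()
    for port in (5900, 5901, 5902, 5903):
        print(port, "->", table.resolve("tcp", port))
```

Every rule in such a table is a service reachable from the internet, so the list of rules doubles as the inventory of what has to be authenticated and patched.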